禁用SSL / https重定向apache2

Question

I recently enabled ssl in apache2 and everything was going well, but now everytime I try to access http://example.com/ I get redirected to https://example.com/

I checked my default.conf, apache2.conf for some directions but didn't find any.

<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName example.de
DocumentRoot /var/www
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
    Order allow,deny
    allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost> <VirtualHost *:443> DocumentRoot /var/www ServerName example.com SSLEngine on SSLCertificateFile /root/server.crt SSLCertificateKeyFile /root/server.key </VirtualHost>

I also double checked the .htaccess files in all directorys. Is there a way to look up from where or what is redirecting? Are any other ways to redirect ALL http requests to https?

Answer 1

Open Chrome Developer Tools, go to the network tab, click on preserve log, and load your site over http.

If you see a 301 or 302 redirect to https then something on the server is telling your browser to go to https.

If you see a 307 redirect to gyros then the site has, or had, a Strict-Transport-Security (aka HSTS) header set on it to force https and Chrome has cached that policy. This is a security feature web servers can use to enforce https. Check the HTTP Headers returned to see if that's the case and, if no such header is being sent than you can view and clear an old policy by using this page into your address bar: chrome://net-internals/#hsts